Coverage for fastapi / security / open_id_connect_url.py: 100%

1from typing import Annotated 4 ctx1abcd

2 

3from annotated_doc import Doc 4 ctx1abcd

4from fastapi.openapi.models import OpenIdConnect as OpenIdConnectModel 4 ctx1abcd

5from fastapi.security.base import SecurityBase 4 ctx1abcd

6from starlette.exceptions import HTTPException 4 ctx1abcd

7from starlette.requests import Request 4 ctx1abcd

8from starlette.status import HTTP_401_UNAUTHORIZED 4 ctx1abcd

9 

10 

11class OpenIdConnect(SecurityBase): 4 ctx1abcd

12 """ 

13 OpenID Connect authentication class. An instance of it would be used as a 

14 dependency. 

15 

16 **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI, 

17 but it doesn't implement the full OpenIdConnect scheme, for example, it doesn't use 

18 the OpenIDConnect URL. You would need to to subclass it and implement it in your 

19 code. 

20 """ 

21 

22 def __init__( 4 ctx1abcd

23 self, 

24 *, 

25 openIdConnectUrl: Annotated[ 

26 str, 

27 Doc( 

28 """ 

29 The OpenID Connect URL. 

30 """ 

31 ), 

32 ], 

33 scheme_name: Annotated[ 

34 str | None, 

35 Doc( 

36 """ 

37 Security scheme name. 

38 

39 It will be included in the generated OpenAPI (e.g. visible at `/docs`). 

40 """ 

41 ), 

42 ] = None, 

43 description: Annotated[ 

44 str | None, 

45 Doc( 

46 """ 

47 Security scheme description. 

48 

49 It will be included in the generated OpenAPI (e.g. visible at `/docs`). 

50 """ 

51 ), 

52 ] = None, 

53 auto_error: Annotated[ 

54 bool, 

55 Doc( 

56 """ 

57 By default, if no HTTP Authorization header is provided, required for 

58 OpenID Connect authentication, it will automatically cancel the request 

59 and send the client an error. 

60 

61 If `auto_error` is set to `False`, when the HTTP Authorization header 

62 is not available, instead of erroring out, the dependency result will 

63 be `None`. 

64 

65 This is useful when you want to have optional authentication. 

66 

67 It is also useful when you want to have authentication that can be 

68 provided in one of multiple optional ways (for example, with OpenID 

69 Connect or in a cookie). 

70 """ 

71 ), 

72 ] = True, 

73 ): 

74 self.model = OpenIdConnectModel( 4 ctx1abcd

75 openIdConnectUrl=openIdConnectUrl, description=description 

76 ) 

77 self.scheme_name = scheme_name or self.__class__.__name__ 4 ctx1abcd

78 self.auto_error = auto_error 4 ctx1abcd

79 

80 def make_not_authenticated_error(self) -> HTTPException: 4 ctx1abcd

81 return HTTPException( 6 ctx1efghij

82 status_code=HTTP_401_UNAUTHORIZED, 

83 detail="Not authenticated", 

84 headers={"WWW-Authenticate": "Bearer"}, 

85 ) 

86 

87 async def __call__(self, request: Request) -> str | None: 4 ctx1abcd

88 authorization = request.headers.get("Authorization") 27 ctx1neopfqrkstguvhwxlyziABjCDmE

89 if not authorization: 27 ctx1neopfqrkstguvhwxlyziABjCDmE

90 if self.auto_error: 9 ctx1efkghlijm

91 raise self.make_not_authenticated_error() 6 ctx1efghij

92 else: 

93 return None 3 ctx1klm

94 return authorization 18 ctx1nopqrstuvwxyzABCDE